Jerome Edge, "Applying commercial best practices to DoD risk management to offer suggestions how to move from risk avoidance to cost effective risk management"




CERIAS Weekly Security Seminar - Purdue University

Summary: The Department of Defense has mandated a risk management rather than risk avoidance approach in cybersecurity. All Department of Defense programs are being directed to the Risk Management Framework (RMF) process. No cyber system can be 100% secure. RMF mandates that we clearly determine the "value" of assets, such as information and intellectual property, and design systems to properly protect those assets. The commercial domain embraces the mantra that an organization should not spend more to protect an asset than the asset is worth. This presentation will provide an overview of RMF as applied to a specific publicly available case study and highlight that utilizing commercial best practices can reduce the cost of systems delivered to DoD.